ClickOnce is a new deployment technology in the next version of Visual Studio (Visual Studio 2005, aka "Whidbey").

ClickOnce lets you deliver .NET apps with just a single click off of a Web page. Here Jamie Cool demonstrates the developer experience of ClickOnce and how you'll be able to use it in your own applications.

Cool demo. Our install and support folks are going to go ga-ga over this. We were doing early design work on an "auto-upgrader" for our existing .NET client apps ... looks like that'd be a waste of time now.

I did get a kick out of the IISRESET, though ... now that's a realistic demo.

Doesn't sound like the security message is sticking. That, sir, is lip service to security. Demonstrate real world examples.

The more Microsoft folks "whatever" security and use demo/dev behavior the more the folks who only watch and copy will get it wrong or not value the security bits and wizards and what they were designed to do. I realize security wasn't the purpose of the demonstration but the "whatever" hurts the cause.

The guy mentioned that it wouldn't work on Netscape. Why? Can the program and ClickOnce only be launched by Internet Explorer? It should work with other browsers too. Maybe not Netscape but certainly with FireFox or Mozilla or Opera.

I think it was more a case that it won't work the way they are written today. If they call the Windows URL APIs or handle the MIME types correctly themselves it should work fine.

I'm more concerned by how much space will potentially be wasted by the roll-back feature. It's not much for a simple app like that but what about something the size of Office? That said it is potentially very cool for those times when an update breaks functionality.

Jamie most likely "whatevered" security because we're still working on tweaking our security settings and system before we release. Thus, what he shows you now in the security part of ClickOnce isn't what you're going to see when we ship Beta 2 and RTM.

As someone who is deeply involved in this (I wrote the code on the security property page and I'm updating the signing page), I can tell you that we are NOT taking security lightly. We work closely with the Windows team to make sure we make the right security choices going forward. The CLR security team is a key contributor to the ClickOnce effort.

Security is ALWAYS on our mind when we design, implement, and test ClickOnce.

Question.. If a user downloaded/installed the application, and then the Dev changed the security permissions and the user gets an update, does it warn that user about changes in the privileges of the updated version?

I think it was more a case that it won't work the way they are written today. If they call the Windows URL APIs or handle the MIME types correctly themselves it should work fine.

I'm also confident that the good people working on Firefox will address that issue. This could become what ActiveX never was! Or in a worst case become ActiveX all over again.
I think the deciding factor will be if it is possible to get end users to pay attention to the security dialogs and not just click accept/deny like zombies.

I can tell you from experience that home users will likely hit OK and ignore any warnings if the application title is pleasing enough, for instance the above-mentioned example "Paris Hilton pictures".

Another question anyway:

Will ClickOnce show warnings if the publisher changed during an update? Because it wouldn't be exactly the bomb when some hacker uploads a different package and ClickOnce assumes it's automatically safe because the update comes from the same place as the initial install and all previous updates.

Thanks Sampy. I really Know MS is taking security seriously. I also Know people deploy code based on your samples. They hop over the wizard they see an MS demo hop over.

My plea is to deal with the security where ever it is encountered in demos. In time it will become second nature, requiring no comment or explanation.

In the meantime I'll go back to educating my devteams and consulting groups on why not to use SQL sa, why not to store secrets in plaintext with everyone read ACLs, and all the other things they learned in the bad old days.

All ClickOnce manifests must be signed, otherwise they are invalid. VS does not let you create unsigned manifests (we'll make a new key for you if you try and publish without a key selected) and the runtime will not execute them. If a ClickOnce application is activated from the internet and does not run inside the Internet zone, it will not activate unless the signature is trusted. Try it in Beta 1, the user isn't even allowed to override this choice.

The ClickOnce defaults will be secure and prevent unauthorized execution. We're taking a very XP SP2 approach to things in this regard. "We" being not just the ClickOnce team but all of the Visual Studio and .Net frameworks team and all of Microsoft.

Dumb question, are the premises (code and whatnot) for a ClickOnce install packed with the file that gets deployed on a webserver? Means, can anyone install a ClickOnce package without installing something else in advance?

If a ClickOnce application is activated from the internet and does not run inside the Internet zone, it will not activate unless the signature is trusted. Try it in Beta 1, the user isn't even allowed to override this choice.

It looks like I'll need a couple more zones then because I want my internet zone as restrictive as it can be made (absolutely no downloaded script/code is to be executed) so click-once applications from a 'cool-apps' site would not be allowed. Also, I don't want to have to provide full trust to a C-O application from someone I do not know, and I may want to relax restrictions for applications from well known sources, but still not allow full trust (such as executing unmanaged code).

This all looks like it could get very messy, rather quickly if I want anything other than Internet zone, or Full Trust. But I actually do want a sandbox zone for these type of applications, without having to change the settings I have for the current zones.
What is being done to provide that sort of sandbox zone?

What I'd like to see is a means to set up a customized zone (sandbox) the first time I hit a click once link such that I can set the permissions right there, or can choose from a preconfigured (admin supplied) template. It seems to me, having just the two extremes (Internet and Trusted) will not be enough to enjoy the technology in a safe manner. Having variable shades of grey will be confusing to a casual user, but providing a few common templates may be well advised....
